https://github.com/matitalatina/vpn-raspberry-ansible
Ansible playbook to install IKEv2 Road Warrior VPN on Raspberry Pi
Last synced: 10 days ago
- Host: GitHub
- URL: https://github.com/matitalatina/vpn-raspberry-ansible
- Owner: matitalatina
- License: mit
- Created: 2019-01-12T10:06:57.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2023-02-07T22:56:12.000Z (almost 2 years ago)
- Last Synced: 2024-11-11T18:18:02.094Z (2 months ago)
- Language: Jinja
- Homepage:
- Size: 46.9 KB
- Stars: 4
- Watchers: 2
- Forks: 2
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Funding: FUNDING.yml
- License: LICENSE
README
# VPN Raspberry Pi Ansible Playbook
Set up an IKEv2 [Road Warrior](https://en.wikipedia.org/wiki/Road_warrior_(computing)) VPN with private/public key authentication for the local side and username/password authentication for the Road Warrior client.
## What does the playbook do?
- Create private/public keys using [Let's Encrypt](https://letsencrypt.org/) for your domain.
- Automatic renewal of the keys.
- Install VPN IKEv2 Road Warrior using [strongSwan](https://www.strongswan.org/).
- Configure the Raspberry Pi firewall so that the VPN works properly.

## Requirements
- [Ansible](https://www.ansible.com/) installed on your local machine.
- A [Dynamic DNS](https://en.wikipedia.org/wiki/Dynamic_DNS) name that points to your home. This is needed only if your internet service provider assigns you a dynamic IP.
- Your firewall router:
  - should forward VPN ports to your Raspberry Pi
    ```
    UDP *:500 -> Raspberry Pi:500
    UDP *:4500 -> Raspberry Pi:4500
    ```
  - should forward port 80 (or 443) to allow Let's Encrypt to verify your domain ownership.
    ```
    TCP *:80 (or 443) -> Raspberry Pi:80 (or 443)
    ```
  - should allow incoming VPN packets from outside.
    ```
    From any host in wan, ESP protocol -> ALLOW
    From any host in wan, AH protocol -> ALLOW
    ```

  [You can find more information about firewall here.](https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior)
- A Raspberry Pi with Raspbian (Debian) Stretch.

## Dependencies
- [ansible-role-certbot](https://github.com/geerlingguy/ansible-role-certbot) in order to get private/public keys for your domain.
## Getting Started
I assume that you know how to use [Ansible](https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html).
- Rename `hosts.example` to `hosts`, replace `YOUR-HOST-HERE` with your Raspberry Pi. [More info here](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html).
- In `host_vars`, rename the file, replacing `YOUR-HOST-HERE` with your Raspberry Pi. In that file, replace the UPPERCASE variables with your data. You can find more variables to customize in [ansible-role-certbot](https://github.com/geerlingguy/ansible-role-certbot).
- Run `ansible-playbook -vv -i hosts vpn.yml` to start it.

## Support my work
Everything I made is open source.
If you like what I'm doing and you want to support me, you can help me 😄!

- Sponsor me with [GitHub](https://github.com/sponsors/matitalatina)
- [Buy me a coffee](https://www.buymeacoffee.com/mattianatali)
- [Paypal](https://paypal.me/mattianatali)